Effective Date: [date]
- Data Controller Information
- Company Name: Pharmacoidea Ltd.
- Registered Office: 7–11 Derkovits Fasor, H-6726 Szeged, Hungary
- Tax Number: 13660271-2-06
- Contact: office@pharmacoidea.eu, +36 70 672 6221
- Purpose of Data Processing
The purposes of data processing are:
- managing appointment bookings (Bookly system),
- providing phytotherapy consultations (Zoom / in-person),
- processing payments (Stripe),
- issuing invoices,
- complying with legal obligations,
- handling complaints and inquiries.
- Categories of Personal Data Processed
- Data provided during appointment booking: name, email address, telephone number, and booking details.
- Payment information: payment card details processed through Stripe (these data are handled directly by Stripe and are not accessible to the Service Provider).
- Information provided during consultations: health-related information voluntarily disclosed by the client (e.g., symptoms, dietary habits, lifestyle factors).
- Billing information: name, address, tax number (if applicable).
- Legal Basis for Data Processing
- Performance of a Contract (GDPR Article 6(1)(b)): appointment booking, consultations, and payment processing.
- Compliance with a Legal Obligation (GDPR Article 6(1)(c)): invoicing and accounting obligations.
- Consent of the Data Subject (GDPR Article 6(1)(a)): processing health-related information provided during consultations.
- Data Retention Period
- Appointment booking data: retained for 2 years.
- Billing records: retained for 8 years in accordance with accounting regulations.
- Health-related information: retained for a maximum of 1 year or deleted earlier upon the client’s request, unless otherwise required by law.
- Data Processors
- Bookly (appointment scheduling): stores customer information for booking management purposes.
- Stripe (payment processing): exclusively processes payment card data, which are not accessible to the Service Provider.
- Zoom (online consultations): provides the technical platform for remote consultations.
- Access to Personal Data
Personal data may only be accessed by the Data Controller (Pharmacoidea Ltd.) and its authorized personnel, solely for the purpose of providing the requested services.
- Rights of Data Subjects
The client has the right to:
- request information about the processing of their personal data,
- request correction of inaccurate data,
- request deletion of personal data where no legal obligation prevents such deletion,
- request restriction of data processing,
- exercise the right to data portability,
- lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH).
- Data Security
The Data Controller implements appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, loss, or destruction.
- Contact Information
For any questions or requests regarding data protection, please contact: office@pharmacoidea.eu